A disaster in the IT world comes in many forms – natural disasters, ransomware, a cyber breach, and acts of terrorism, just to name a few. These disasters disrupt normal business and can ultimately have severe and expensive consequences for a company’s reputation and bottom line.
The bad news is many companies think these disasters can never happen to them and don’t take the proper precautions; the good news is that prevention of many disasters is attainable, and planning ensures that when there is a disaster, your company is prepared to get back to business as usual.
Have Good “Offline” Backups
A good backup must be historical and reside where nothing else can touch it, including your servers or applications.
Your backups should be bare metal and system state backups. A traditional backup simply copies your files and databases somewhere else. System state backups protect your operating system files and a bare metal backup images the entire server. This means that if your server cannot turn on, you can buy a new server, restore it, and be back online in mere hours without losing anything.
Perhaps the most important point to be made here is not to handle your own backup. Hire a trusted third party who specializes in doing this. A good backup plan – and its execution – is essential, so make sure it’s handled properly.
Invest in Security Software
Many companies put antivirus software on their computers and think they’re protected, but antivirus is just the tip of the iceberg. The better option is software that also scans for suspicious activity and different forms of malware, and that monitors email and Internet actions. To be effective, this software must reside on every computer as well as every server. Finally, the software must be kept current with regular updates.
Pay Special Attention to Email
Email is the most common way that malware and ransomware spread, so it is important to use a service that specializes in email security. The provider will ensure that security measures are properly configured and discuss with you the benefits of certain policies, such as blocking zip files or blocking insecure email systems such as AOL.
Institute Web Filters
Ransomware and viruses can infiltrate your network via Internet searches. A simple mistyped URL or back click can lead to infection. Web filtering solutions are very inexpensive but highly effective in blocking users from those dangerous sites and links.
Secure Your VPN and Firewall
VPN connections allow your employees increased flexibility to work remotely, but care must be taken to ensure your network’s security. An infected computer in someone’s home or even at another office location could take down your entire company. Consider instituting policies that limit VPN access to only secure computers, or policies that limit what a user can do on their computer once they connect to your network over the VPN. In addition, your firewall configurations and settings need to be monitored and checked periodically to ensure there are no lapses in your company’s security.
Block Malware from Executing
Ransomware executes by accessing certain Windows directories that then run processes to encrypt your files. As a last measure, if ransomware gets through your filters and security settings, certain settings and software can block it from accessing these directories. This is one of the last lines of defense and should be a vital part of your security plan.
Train. Test. Retrain. Retest.
The greatest vulnerability on any company’s network is the users on it. Companies must implement routine training for all employees. Testing should occur several times throughout the year, for example by sending an email that simulates a phishing email to determine whether employees click on it. Following such tests, all employees should receive training to refresh safety measures.